ubi: replace simple_strtoul() with kstrtoul()

Message ID	5379C2E8.5040000@huawei.com
State	Changes Requested
Headers	show Return-Path: <linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org> Message-ID: <5379C2E8.5040000@huawei.com> Date: Mon, 19 May 2014 16:38:00 +0800 From: Zhang Zhen <zhenzhang.zhang@huawei.com> User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:16.0) Gecko/20121010 Thunderbird/16.0.1 MIME-Version: 1.0 To: <adrian.hunter@intel.com>, <dedekind1@gmail.com> Subject: [PATCH] ubi: replace simple_strtoul() with kstrtoul() References: <1400488570-20288-1-git-send-email-zhenzhang.zhang@huawei.com> In-Reply-To: <1400488570-20288-1-git-send-email-zhenzhang.zhang@huawei.com> summary: Content analysis details: (-1.4 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low trust [119.145.14.66 listed in list.dnswl.org] -0.7 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain -0.0 SPF_PASS SPF: sender matches SPF record Cc: linux-mtd@lists.infradead.org, Hu Jianyang <hujianyang@huawei.com> Precedence: list Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-mtd" <linux-mtd-bounces@lists.infradead.org> Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org

Message ID

5379C2E8.5040000@huawei.com

State

Changes Requested

Headers

Message-ID: <5379C2E8.5040000@huawei.com>
Date: Mon, 19 May 2014 16:38:00 +0800
From: Zhang Zhen <zhenzhang.zhang@huawei.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1;
	rv:16.0) Gecko/20121010 Thunderbird/16.0.1
MIME-Version: 1.0
To: <adrian.hunter@intel.com>, <dedekind1@gmail.com>
Subject: [PATCH] ubi: replace simple_strtoul() with kstrtoul()
References: <1400488570-20288-1-git-send-email-zhenzhang.zhang@huawei.com>
In-Reply-To: <1400488570-20288-1-git-send-email-zhenzhang.zhang@huawei.com>
Cc: linux-mtd@lists.infradead.org, Hu Jianyang <hujianyang@huawei.com>
Precedence: list
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "linux-mtd" <linux-mtd-bounces@lists.infradead.org>
Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org

Commit Message

ZhangZhen May 19, 2014, 8:38 a.m. UTC

use the newer and more pleasant kstrtoul() to replace simple_strtoul(),
because simple_strtoul() is marked for obsoletion.

Signed-off-by: Zhang Zhen <zhenzhang.zhang@huawei.com>
Signed-off-by: hujianyang <hujianyang@huawei.com>
---
 drivers/mtd/ubi/build.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

Comments

Geert Uytterhoeven May 19, 2014, 9:14 a.m. UTC | #1

Please don't add mindless casts!

On Mon, May 19, 2014 at 10:38 AM, Zhang Zhen <zhenzhang.zhang@huawei.com> wrote:
> --- a/drivers/mtd/ubi/build.c
> +++ b/drivers/mtd/ubi/build.c
> @@ -1190,10 +1190,13 @@ static struct mtd_info * __init open_mtd_by_chdev(const char *mtd_dev)
>  static struct mtd_info * __init open_mtd_device(const char *mtd_dev)
>  {
>         struct mtd_info *mtd;
> -       int mtd_num;
> +       int mtd_num, ret;
>         char *endp;
>
> -       mtd_num = simple_strtoul(mtd_dev, &endp, 0);
> +       endp = (char *)mtd_dev;
> +       ret = kstrtoul(endp, 0, (unsigned long *)&mtd_num);

On 64-bit, long is 64-bit, hence this will write beyond mtd_num and will corrupt
the stack.

Gr{oetje,eeting}s,

                        Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

ZhangZhen May 20, 2014, 1:18 a.m. UTC | #2

On 2014/5/19 17:14, Geert Uytterhoeven wrote:
> Please don't add mindless casts!
> 
> On Mon, May 19, 2014 at 10:38 AM, Zhang Zhen <zhenzhang.zhang@huawei.com> wrote:
>> --- a/drivers/mtd/ubi/build.c
>> +++ b/drivers/mtd/ubi/build.c
>> @@ -1190,10 +1190,13 @@ static struct mtd_info * __init open_mtd_by_chdev(const char *mtd_dev)
>>  static struct mtd_info * __init open_mtd_device(const char *mtd_dev)
>>  {
>>         struct mtd_info *mtd;
>> -       int mtd_num;
>> +       int mtd_num, ret;
>>         char *endp;
>>
>> -       mtd_num = simple_strtoul(mtd_dev, &endp, 0);
>> +       endp = (char *)mtd_dev;
>> +       ret = kstrtoul(endp, 0, (unsigned long *)&mtd_num);
> 
> On 64-bit, long is 64-bit, hence this will write beyond mtd_num and will corrupt
> the stack.

Yeah, you are right. This really may write beyond dev.

The kstrtoul(const char *s, unsigned int base, unsigned long *res) only accept unsigned long
pointer as the third parameter.
And the original function simple_strtoul() returns unsigned long type value.
It is also cast. So this may not corrupt the stack.

Or do you have any better suggestion about this?
Thanks.
> 
> Gr{oetje,eeting}s,
> 
>                         Geert
> 
> --
> Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org
> 
> In personal conversations with technical people, I call myself a hacker. But
> when I'm talking to journalists I just say "programmer" or something like that.
>                                 -- Linus Torvalds
> 
>

Geert Uytterhoeven May 20, 2014, 6:57 a.m. UTC | #3

On Tue, May 20, 2014 at 3:18 AM, Zhang Zhen <zhenzhang.zhang@huawei.com> wrote:
> On 2014/5/19 17:14, Geert Uytterhoeven wrote:
>> Please don't add mindless casts!
>>
>> On Mon, May 19, 2014 at 10:38 AM, Zhang Zhen <zhenzhang.zhang@huawei.com> wrote:
>>> --- a/drivers/mtd/ubi/build.c
>>> +++ b/drivers/mtd/ubi/build.c
>>> @@ -1190,10 +1190,13 @@ static struct mtd_info * __init open_mtd_by_chdev(const char *mtd_dev)
>>>  static struct mtd_info * __init open_mtd_device(const char *mtd_dev)
>>>  {
>>>         struct mtd_info *mtd;
>>> -       int mtd_num;
>>> +       int mtd_num, ret;
>>>         char *endp;
>>>
>>> -       mtd_num = simple_strtoul(mtd_dev, &endp, 0);
>>> +       endp = (char *)mtd_dev;
>>> +       ret = kstrtoul(endp, 0, (unsigned long *)&mtd_num);
>>
>> On 64-bit, long is 64-bit, hence this will write beyond mtd_num and will corrupt
>> the stack.
>
> Yeah, you are right. This really may write beyond dev.
>
> The kstrtoul(const char *s, unsigned int base, unsigned long *res) only accept unsigned long
> pointer as the third parameter.
> And the original function simple_strtoul() returns unsigned long type value.
> It is also cast. So this may not corrupt the stack.
>
> Or do you have any better suggestion about this?

kstrtoint().

Gr{oetje,eeting}s,

                        Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

ZhangZhen May 20, 2014, 8:14 a.m. UTC | #4

On 2014/5/20 14:57, Geert Uytterhoeven wrote:
> On Tue, May 20, 2014 at 3:18 AM, Zhang Zhen <zhenzhang.zhang@huawei.com> wrote:
>> On 2014/5/19 17:14, Geert Uytterhoeven wrote:
>>> Please don't add mindless casts!
>>>
>>> On Mon, May 19, 2014 at 10:38 AM, Zhang Zhen <zhenzhang.zhang@huawei.com> wrote:
>>>> --- a/drivers/mtd/ubi/build.c
>>>> +++ b/drivers/mtd/ubi/build.c
>>>> @@ -1190,10 +1190,13 @@ static struct mtd_info * __init open_mtd_by_chdev(const char *mtd_dev)
>>>>  static struct mtd_info * __init open_mtd_device(const char *mtd_dev)
>>>>  {
>>>>         struct mtd_info *mtd;
>>>> -       int mtd_num;
>>>> +       int mtd_num, ret;
>>>>         char *endp;
>>>>
>>>> -       mtd_num = simple_strtoul(mtd_dev, &endp, 0);
>>>> +       endp = (char *)mtd_dev;
>>>> +       ret = kstrtoul(endp, 0, (unsigned long *)&mtd_num);
>>>
>>> On 64-bit, long is 64-bit, hence this will write beyond mtd_num and will corrupt
>>> the stack.
>>
>> Yeah, you are right. This really may write beyond dev.
>>
>> The kstrtoul(const char *s, unsigned int base, unsigned long *res) only accept unsigned long
>> pointer as the third parameter.
>> And the original function simple_strtoul() returns unsigned long type value.
>> It is also cast. So this may not corrupt the stack.
>>
>> Or do you have any better suggestion about this?
> 
> kstrtoint().
> 
Hi Geert,

Thanks for your suggestion, i will send the version2 out.
> Gr{oetje,eeting}s,
> 
>                         Geert
> 
> --
> Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org
> 
> In personal conversations with technical people, I call myself a hacker. But
> when I'm talking to journalists I just say "programmer" or something like that.
>                                 -- Linus Torvalds
> 
>

diff --git a/drivers/mtd/ubi/build.c b/drivers/mtd/ubi/build.c
index 6e30a3c..80c539c 100644
--- a/drivers/mtd/ubi/build.c
+++ b/drivers/mtd/ubi/build.c
@@ -1190,10 +1190,13 @@  static struct mtd_info * __init open_mtd_by_chdev(const char *mtd_dev)
 static struct mtd_info * __init open_mtd_device(const char *mtd_dev)
 {
 	struct mtd_info *mtd;
-	int mtd_num;
+	int mtd_num, ret;
 	char *endp;

-	mtd_num = simple_strtoul(mtd_dev, &endp, 0);
+	endp = (char *)mtd_dev;
+	ret = kstrtoul(endp, 0, (unsigned long *)&mtd_num);
+	if (ret)
+		return ERR_PTR(-EINVAL);
 	if (*endp != '\0' || mtd_dev == endp) {
 		/*
 		 * This does not look like an ASCII integer, probably this is
@@ -1362,8 +1365,12 @@  static int __init bytes_str_to_int(const char *str)
 {
 	char *endp;
 	unsigned long result;
+	int ret;

-	result = simple_strtoul(str, &endp, 0);
+	endp = (char *)str;
+	ret = kstrtoul(endp, 0, &result);
+	if (ret)
+		return -EINVAL;
 	if (str == endp || result >= INT_MAX) {
 		ubi_err("incorrect bytes count: \"%s\"\n", str);
 		return -EINVAL;

ubi: replace simple_strtoul() with kstrtoul()

Commit Message

Comments

Patch